REG UNLOAD Access Denied in CMD

Question

I'm trying to write a simple batch file to load a hive from another hard drive, create a key, create a subkey, and then unload the hive. It all works well until I try to unload the hive. It says access denied. Here is what I have

Answers

(1) You're attempting to modify a registry path which you don't have sufficient permissions for, even as administrator. I believe this only errors out at unload time. Checking permissions on the path in regedit should confirm if this is the issue.

(2) Something else on the PC has open handles to the key you opened - possibly a background scan tool of some kind. Using the Sysinternals handle.exe tool (http://technet.microsoft.com/en-us/sysinternals/bb896655) with the -a option will show you open registry handles, although you'll have to sort through a lot of output.

And by the way, questions about non-PowerShell console tools normally work better over in The Official Scripting Guys forum. Same people typically hang out in both places, but the question over here is kind of like getting the hot fudge sauce on your steamed asparagus - it tastes odd, even if you will be eating both of them at the same meal. |)
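
The two checks from this answer can be scripted. The following is an added example, not code posted by anyone in the thread: it loads the hive, prints the owner and ACEs of the key to be modified (check 1), then unloads and, if the unload fails, lists handles that still reference the mount name (check 2). The hive path, mount name and subkey are placeholders, and it assumes an elevated PowerShell prompt with handle.exe on the PATH.

```powershell
# Added example: placeholders below are hypothetical, not values from the thread.
$HiveFile  = 'E:\Windows\System32\config\SYSTEM'      # offline hive on the other drive
$MountName = 'OfflineHiveCheck'                       # distinctive name, easy to search for
$SubKey    = 'ControlSet001\Services\ExampleService'  # key the batch file would modify

& reg.exe load "HKLM\$MountName" $HiveFile
if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }

try {
    # The target key may not exist yet; walk up to the nearest existing
    # ancestor, because that is where a new key's inherited ACEs come from.
    $path = "HKLM:\$MountName\$SubKey"
    while (-not (Test-Path -Path $path)) { $path = Split-Path -Path $path -Parent }

    # Check (1): the same information as regedit's Permissions dialog,
    # including whether each ACE is inherited or set explicitly.
    $acl = Get-Acl -Path $path
    Write-Host "Key:   $path"
    Write-Host "Owner: $($acl.Owner)"
    $acl.Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
        Format-Table -AutoSize | Out-String | Write-Host
}
finally {
    # Precaution: drop any registry key objects this session still holds
    # on the hive before asking for the unload.
    $acl = $null
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()

    & reg.exe unload "HKLM\$MountName"
    if ($LASTEXITCODE -ne 0) {
        # Check (2): show every handle whose object name contains the mount
        # name, so the process holding the hive open can be identified.
        Write-Warning "reg unload failed with exit code $LASTEXITCODE; open handles:"
        & handle.exe -a $MountName
    }
}
```

Close regedit before running this if it has the loaded hive expanded, since it would otherwise show up in the handle list itself.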

All replies

In any case, I don't think handle.exe will help. Based on the "minwin" name you were using and the fact that you're looking at services modification, I suspect your problem is (1) and you'll need to modify permissions on the loaded hive to get it to work properly; you can confirm this by visually checking inherited permissions on the terminal subkey in regedit when you've loaded the hive. This looks a lot like a problem I found discussed on the BartPE forum. Take a close look at the discussion towards the bottom of this page:

The 2nd link you gave was that someone edited the cmd.exe with some strange permissions for a Dell running Windows XP as a solution. I'm running Windows 7 and I know it wouldn't work for me. I noticed Windows 7 has a locked down root C:\, that even if I run cmd as administrator, I cannot add any files to the root. I have to create a subdirectory and then I can add files to that subdirectory. I've read this is because Microsoft doesn't trust users on how to handle their computers. I wonder if it's similar to what I'm dealing with and if someone can look further into this to figure out a workaround.

The link said unavailable because the close parenthesis - this symbol --> ) was integrated into the URL, so your web browser was trying to get to .../bb89665) instead of .../bb89665

In any case, I went through and modified the handle.exe link so it should work from either place that I posted it now. Sorry for the inconvenience.

I'm not sure about the connection you're drawing between the C drive and the registry hive you've loaded, but the discussion in the BartPE forum really is about the exact same problem. They're loading a registry hive and then attempting to make changes to a particular subkey which has restricted permissions, disallowing even changes by administrators by default. The change can be made to the loaded hive, but when attempting to unload, the operation fails since the modified hive cannot be saved.

Can you tell us precisely the subkey path you're trying to modify?

I would really rather not say the subkey path considering all the work I do is very confidential. But I can tell you that I have to make a key (folder icon in regedit), then make a 32-bit DWORD subkey with a default 0. I have no problems doing this with regedit.exe, but when I issue the commands (as listed above) that do the same thing the GUI is, it doesn't want to unload the hive.